SQLI_SCAN

1. #!/usr/bin/perl
2. use LWP::Simple;
3. $usage = "\nperl $0 <listsql.txt>\nExample : perl $0 listsql.txt\n";
4. die "$usage" unless $ARGV[0];
5. $file="$ARGV[0]";
6. ###################################################################################################
7. #I.C.S.G Multi Sql Injection Vulenarability Scanner #
8. # #
9. #Coded By WH!T3 W01F #
10. # #
11. #Iran Cyber Security Group #
12. # #
13. #Iran-Cyber.Org #
14. # #
15. #Spc Tnx: root3r | MOHAMAD-NOFOZI | KamraN HellisH | JOK3R | Pi.Hack #
16. # #
17. #Put Sites List That You Want To Scan Them In A .txt File Then Give It To Script When Running It #
18. # #
19. #Usage : perl file.pl siteslist.txt #
20. ###################################################################################################
21. print q {
22. _____ _____ _ ____
23. |_ _| / ____| | | / __ \
24. | | _ __ __ _ _ __ ______ | | _ _| |__ ___ _ __ | | | |_ __ __ _
25. | | | '__/ _` | '_ \|______|| | | | | | '_ \ / _ \ '__| | | | | '__/ _` |
26. | |_| | | (_| | | | | | |___| |_| | |_) | __/ | _ | |__| | | | (_| |
27. |_____|_| \__,_|_| |_| \_____\__, |_.__/ \___|_| (_) \____/|_| \__, |
28. __/ | _/ |
29. |___/ |___/
30.  
31. };
32. sleep(2);
33. print "\n";
34. print "\t+=============================================================+\n";
35. print "\t| I.C.S.G Multi Sql Injection Vulenarability Scanner |\n";
36. print "\t| Author: WH!T3 W01F |\n";
37. print "\t| Iran-Cyber.Org |\n";
38. print "\t| Spc Tnx: root3r|MOHAMAD-NOFOZI|KamraN HellisH|JOK3R|Pi.Hack |\n";
39. print "\t+=============================================================+\n";
40. print "\n\n";
41. print "\tScanning ... (Vulnerable Sites Will Save In vulns.txt)\n\n";
42. open("list","<$file") or die "Can't Open Sites List : $!";
43. while(<list>){
44. chomp($_);
45. $site=$_;
46. if ($site =~ /http:|https:/) {
47. $get=get "$site";
48. if ($get =~ /Warning: mysql_fetch_array()|Warning: mysql_query(): |Warning: mysql_query(): Access denied for user|You have an error in your SQL syntax;|Warning: mysql_fetch_array|supplied argument is not a valid MySQL result resource in|There was an error querying the database.|Warning: mysql_fetch_row():|Division by zero in|Call to a member function|Microsoft JET Database|Microsoft OLE DB Provider for SQL Server|Unclosed quotation mark|Microsoft OLE DB Provider for Oracle|Incorrect syntax near|SQL query failed|mysql_fetch_object()|argument is not a valid MySQL|Syntax error|Fatal error|mysql_num_rows()|execute query|mysql_num_rows()|mysql_error|error/) {
49. print "$site => Is Vulnerable\n";
50. open("vulns",">>vulns.txt") or die "Can't Write To File : $!";
51. print vulns "$site\n";
52. }
53. } else {
54. $site2='http://' . $site;
55. $get2=get "$site2";
56. if ($get2 =~ /Warning: mysql_fetch_array()|Warning: mysql_query(): |Warning: mysql_query(): Access denied for user|You have an error in your SQL syntax;|Warning: mysql_fetch_array|supplied argument is not a valid MySQL result resource in|There was an error querying the database.|Warning: mysql_fetch_row():|Division by zero in|Call to a member function|Microsoft JET Database|Microsoft OLE DB Provider for SQL Server|Unclosed quotation mark|Microsoft OLE DB Provider for Oracle|Incorrect syntax near|SQL query failed|mysql_fetch_object()|argument is not a valid MySQL|Syntax error|Fatal error|mysql_num_rows()|execute query|mysql_num_rows()|mysql_error|error/) {
57. print "$site2 => Is Vulnerable\n";
58. open("vulns",">>vulns.txt") or die "Can't Write To File : $!";
59. print vulns "$site\n";
60. }
61. }
62. }
63. print "################################################\n\n";
64. print "Finished.Vulnerable Links Saved In vulns.txt ;)\n\n";
65. print "Don't Forget To Visit Iran-Cyber.Org ;)\n\n";
66. close("vulns");
67. close("list");